Lessons in business

Difficult times call for new approaches. For IT, that means getting out of the back office and talking business, says Gulf International Bank CIO Seb Kacary.

“The problem is that people only really hear of the IT projects that fail, first off. If you went to most organisations, the vast majority of IT projects succeed, and typically they are within budget and within the agreed time scales”
-Seb Kacary

In a recent survey conducted by the Economist Intelligence Unit, 59 percent of 360 Middle East executives surveyed said they had been prompted by the financial market turmoil to scrutinise their risk management practices in greater detail. This demonstrates the need for having the organisation as a whole understand the importance of risk within the banking arena. Certainly within Gulf International Bank (GIB), we’ve taken great steps to highlight and improve the risk appreciation across the board, so we can see the importance of getting more thorough processes in place and more targeted technology to support those processes.

To foster a culture of risk management, education is fundamental from the outset. We’ve been fortunate enough that because of the crisis, people understand the need to have the group in the corner covering risk management. But now they understand full well the importance of that group and how it can support both the trading function and the operational function of the bank.

A perfect fit
The IT function of managing the business need for speed and the innate slowness of risk is done by getting the right technology in place, right now. It’s about understanding technology that’s fit for purpose. Too often, organisations, banks in particular, over-engineer solutions and over-engineer the process to support those solutions, and you need to have something far more slick and targeted to understand how the business performs and how it wants the information available to them.

Finding the technology that’s fit for that purpose is about getting the right people in place who understand the processes, how to measure the risk and understand the scope of our business and what we need to support that. It’s getting the right people educated in order to get those tools in place. Too often, you have a salesman selling you a tool or a chief executive reading about a technology, which becomes implemented and then you find that it’s not fit for purpose. So you need to get the intelligence in the organisation, or draft it in, in order to properly see out what’s required and what you need to build.

From a technology point of view, one of the most important things that we need to do is have all the requirements thoroughly mapped out and approved, and then make sure we have a full support structure around that. That is far more important than what may be the new technology to support the business. It’s fundamental to get the right technology in place and have that completely supported, without having pockets of technology that evolve from the business.

Communication
Building effective communication channels is vitally important. Without those, if you don’t communicate with the business and you don’t let them know what you’re doing, the natural assumption is you’re not doing a great deal. What they typically see is that you’re not prioritising their requirements as high as they would like you to be, yet you’re spending an awful lot of money on upgrades and software patches, and unless you communicate the importance of those, they don’t adequately see why you’re doing that. Building effective communication channels is key.

IT also needs to adapt to the corporate culture in which they live. As a department, they are quite often working as an island to themselves and have a view that they should be able to operate in isolation. Business doesn’t understand what IT are doing, and think we should just be left to work the way we should be working. But we need to look at how business operates. Are they a centralized organisation? Is it process driven? Is the company seen as a measurement company? Do they measure much more beyond financial records? Are they risk tolerant? And so when you build it and conform to that corporate culture, IT and business tend to work far more effectively together.

It’s important, not only for IT but the entire banking sector, to look outside of itself. I try to encourage my whole team to look at best practice across the board. A good example of this is Reuters – since I began and held a position there, they have evolved quite remarkably as a company – how they’ve sought to allow technical staff to progress within a technical sphere and have that promotional capability, without them having to move into a management role that potentially is not suited for them.

It’s important for all of IT to look at best practice outside of the IT arena. Some of the areas I’ve looked to introduce within IT are having a proper service management governance structure to bring in an ITO framework within the bank, which has been very successful. So we’ve implemented the processes, and now it’s implementing the tools to support those, which we’re having the fun part of doing now.

We’ve introduced a newsletter within IT as a means of fostering communication within the IT community. It’s a way of IT having something that’s purely for us. We can poke fun at some of the banana skin moments we have within IT; we can applaud good work. But we can also foster that communication across the organisation.

“The role of today's CIO is still in flux from technologist to strategist”
-Seb Kacary

Security
Fortunately, one of our greatest issues so far of convincing management to follow us with our ideas has not necessarily been true for us in terms of security. There’s been enough press and media attention related around issues of our IT security function and the lapses in security, and the effects have been positive – it’s almost done the job for us to a certain extent. It’s certainly not easy to get the funding for these initiatives, but there’s enough profile within the business now, and I’d imagine it’s similar in other organisations, that as long as we can justify and show the benefits it’s bringing to security, then we often have the approval to proceed.

From a security point of view itself, we no longer have issues – they’ve pretty much recovered from the early initiation of software as a service, where that was an obvious flaw. That box has been ticked now. However, software as a service doesn’t provide what we’re looking for, in terms of customising the applications. You need to integrate the customisation of the application, and that’s where we would struggle and any provider would struggle to support us as a bank. You almost need a larger bank providing services to smaller banks like us, or us engineering our solution and being a profit centre rather than a cost centre, being a software as a service provider to other banks in the UK.

Reliable resources
Streamlining functions and becoming resourceful is one way of cutting costs within the department. It’s a similar thing that you’ll see across a lot of organisations, that the strands we’re looking at are predominantly simplification of the environment. So a lot of organisations evolved organically and found themselves supporting multiple applications and multiple streams with similar core functions.

They turned to Reuters as having a common platform, and it’s a similar process I’ve looked to instil within GIB to drive an initiative that was already ongoing, and pushing back a very complex network of applications that were meshed together into something that’s far better suited to the organisation we are now, and far more directly supports what business functions we have. Also important is looking at technologies such as virtualisation both from a server point of view – storage and desktop – and having the flexibility that affords us as a bank.

Difficult times such as these can often lead to both customers and providers neglecting innovation. In order to reduce impact from the financial crisis, we’re deploying a tactic of moving away from some of the over-engineered solutions that we had and moving to end solutions that are inherently reliable and robust because you build in resilience as part of it, rather than buying very large units that are fully resilient.

It’s more the provision of the technology rather than the technology itself that will flourish in these times. This will happen more if less organisations invest heavily in the bespoke applications for their sites, and far more organisations that are our size will look to buy software as a service or an ASP model to support their business and then look at how the technology to support the integration of those services.

Strategist
The role of today’s CIO is still in flux from technologist to strategist. I think something that’s helped is a lot of organisations allow in the progression path are full, pure technologists. They no longer hit a glass ceiling at a senior developer stage, and they can progress within the organisation. That helped stop the Peter Principle proliferating through IT, where 10 years ago it was very common.

I strongly feel that the path that CIOs are following more and more now, is one where they’re becoming much more strategists than they are pure technologists. Along that path they need to pick up far more business knowledge, business education and look to stretch themselves a bit more. They are no longer looking at technology with their head down and only concerning themselves with providing a good technology solution, but are looking more at how the business is supported by that technology. And that’s what I think is becoming far more important.

Whether technologists have that experience comes down to whether each company want their CIOs to focus purely on technology, which isn’t a bad thing – in the right situation and with the right people, they’re serving their best skills. However, what we need to do is to move the IT function to work better with the business. You need to have more of a strategic overview, and I think it does come down, to a certain extent, to education, having more business education amongst IT.

Something I’ve introduced within GIB is having business talk directly to IT, which has gone down very well. It’s having the opportunity for IT to listen to the people that are conducting the business and are on the trade floor talking about future plans, talking about how well the business is doing, talking about issues that they have, both with technology and outside of technology remit. It helps IT appreciate far more exactly what business is all about and think of new ways in which we could offer solutions or offer products that we could market within the organisation.

You can always work to improve the gap between IT and sales – it’s mainly down to communication across the teams. It has suffered and still does suffer from the fact that you typically don’t have a seat on the board, as this is typically allocated through a finance, marketing or sales function, not IT. However, that view is changing more and more, and IT is getting more representation at a senior level because fundamentally it’s core to a lot of what businesses do now. From a sales function, it’s important in that there are channels of sales, be it effective internet for example, that IT could help the sales function deliver the message far more cleanly and efficiently.

The problem is that people only really hear of the IT projects that fail, first off. If you went to most organisations, the vast majority of IT projects succeed, and typically they are within budget and within the agreed time scales. But you can’t get away from the fact that certain high-profile projects do suffer and are widely reported.

My view of project work is that the time spent upfront is the most important time in any project, and that helps the project be a success. Too often with project planning and initiation, people try to cut corners, and they try to rapidly produce a business case or forget about the business case. So it’s getting back to the basics, back to what we need to implement, and to know what you’re implementing or the success criterias of what you’re implementing, a robust project team and project governance must be in place.

Most importantly in any project is communication. If those channels aren’t built and you don’t have a proper communications plan, you’re ultimately going to fail.

Feeling the pinch
IT and operations are often one of the first areas that the organisation will look at to cut costs. When you work in IT, you always see yourself as being one of the areas that will be approached first when there is a financial downturn. Sometimes that helps lead to an element of distrust between business and IT. That’s part of my role – to try to build those bridges and eradicate the distrust that’s created by that. But from the heyday we had a decade ago, IT has been trying to rein back the costs and the over-engineering that has been put in place across a large number of organisations. From a structural point of view, we’ve completed an exercise to help contain the costs from a resource point of view, and now it’s really looking at further instilling a strategy across our technology that not only makes us more agile, but also can contain costs.

Historically, business and IT have elements of distrust. IT didn’t do themselves any favours from Y2K and the fiasco that that was, and a lot of business representatives haven’t forgiven IT for that yet. What’s important in building that trust and building those bridges is really laying out to business representatives exactly what service we are providing for them. A key part of that is to build SLAs into what you deliver to the customer without being too regimented into how you dictate those. However, if you’re leaving yourself as open to the service you provide, you’re really leaving yourself open to failure as far as business is concerned.